I need a little guidance here with this transition:
We have an existing legacy LAPS setup running with group policies configured and the LAPS client itself deployed by configmgr sometime after the PC is joined to the domain. This has been in place for a few years and worked as expected for us.
We image our PCs using MDT and have in the past few days updated one of the WIM files from Windows 11 21H2/June 2022 KB to Windows 11 22H2/April 2023 KB. When we deploy this WIM via a pre-existing task sequence, the imaging process gets halted at the Windows login screen at every reboot, showing that an incorrect password was entered for the local admin account. We have to use the LAPS UI to look up the password and enter it to continue the deployment task sequence; the admin password specified in the unattend.xml file called by the task sequence has been overwritten. What I believe is happening here is that, while before the PC would be on the domain for a few hours before the LAPS client would get installed, now LAPS is built into Windows and the LAPS password policies take effect immediately after domain join.
Does anybody have any ideas for how to handle this scenario? It feels like this is expected but perhaps unintended behavior.